← Back

Mozilla

mozilla

3,581 CVEs • 43 products

Products (43)

Click to collapse
Toggle
Firefox
firefox
3,149 CVEs
Thunderbird
thunderbird
1,743 CVEs
Seamonkey
seamonkey
704 CVEs
Firefox Esr
firefox_esr
488 CVEs
Thunderbird Esr
thunderbird_esr
228 CVEs
Bugzilla
bugzilla
145 CVEs
Mozilla
mozilla
108 CVEs
Network Security Services
network_security_services
50 CVEs
Mozilla Suite
mozilla_suite
27 CVEs
Firefox Mobile
firefox_mobile
20 CVEs
Firefox Focus
firefox_focus
20 CVEs
Focus
focus
15 CVEs
Firefox Os
firefox_os
14 CVEs
Nss
nss
6 CVEs
Bleach
bleach
5 CVEs
Bonsai
bonsai
4 CVEs
Camino
camino
4 CVEs
Vpn
vpn
4 CVEs
Netscape Portable Runtime
netscape_portable_runtime
3 CVEs
Convict
convict
3 CVEs
Nunjucks
nunjucks
2 CVEs
Mozjpeg
mozjpeg
2 CVEs
Webthings Gateway
webthings_gateway
2 CVEs
Pollbot
pollbot
2 CVEs
Geckodriver
geckodriver
2 CVEs
Gecko
gecko
1 CVE
Durian Web Application Server
durian_web_application_server
1 CVE
Geckb
geckb
1 CVE
Libxul
libxul
1 CVE
Zamboni
zamboni
1 CVE
Firefoxos
firefoxos
1 CVE
Persona
persona
1 CVE
Hubs Cloud Reticulum
hubs_cloud_reticulum
1 CVE
Hubs Cloud
hubs_cloud
1 CVE
Mozilla Vpn
mozilla_vpn
1 CVE
Nss Esr
nss_esr
1 CVE
Hawk
hawk
1 CVE
Common Voice
common_voice
1 CVE
Sccache
sccache
1 CVE
Neqo
neqo
1 CVE
Rhino
rhino
1 CVE
0din Scanner
0din_scanner
1 CVE
Thin Vec
thin-vec
1 CVE

CVEs (3,581)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-18511
1Mozilla
1Firefox
Nov 21, 2024
Apr 26, 2019
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnera...Show more
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.Show less
CVE-2018-18510
1Mozilla
1Firefox
Nov 21, 2024
Apr 26, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service...Show more
The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64.Show less
CVE-2018-18509
1Mozilla
1Thunderbird
Nov 21, 2024
Apr 26, 2019
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an...Show more
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1.Show less
CVE-2018-5179
1Mozilla
1Firefox
Nov 21, 2024
Apr 26, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.
CVE-2017-7777
2Mozilla
Sil
2Firefox
Graphite2
Nov 21, 2024
Apr 15, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
CVE-2017-7776
2Mozilla
Sil
2Firefox
Graphite2
Nov 21, 2024
Apr 15, 2019
N/A· v4
8.1 HIGH· v3
5.8 MEDIUM· v2
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
CVE-2017-7774
2Mozilla
Sil
2Firefox
Graphite2
Nov 21, 2024
Apr 15, 2019
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
CVE-2017-7773
2Mozilla
Sil
2Firefox
Graphite2
Nov 21, 2024
Apr 15, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
CVE-2017-7771
2Mozilla
Sil
2Firefox
Graphite2
Nov 21, 2024
Apr 15, 2019
N/A· v4
8.1 HIGH· v3
5.8 MEDIUM· v2
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
CVE-2017-7772
2Mozilla
Sil
2Firefox
Graphite2
Nov 21, 2024
Apr 12, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
CVE-2018-14498
5Debian
FedoraprojectLibjpeg Turbo+2 more
5Debian Linux
FedoraLeap+2 more
Nov 21, 2024
Mar 7, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or...Show more
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.Show less
CVE-2018-18499
1Mozilla
3Firefox
Firefox EsrThunderbird
Nov 21, 2024
Feb 28, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin...Show more
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.Show less
CVE-2018-18498
4Canonical
DebianMozilla+1 more
11Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+8 more
Nov 21, 2024
Feb 28, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vuln...Show more
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.Show less
CVE-2018-18497
2Canonical
Mozilla
2Firefox
Ubuntu Linux
Nov 21, 2024
Feb 28, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a...Show more
Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This vulnerability affects Firefox < 64.Show less
CVE-2018-18496
1Mozilla
1Firefox
Nov 21, 2024
Feb 28, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file fr...Show more
When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64.Show less
CVE-2018-18495
2Canonical
Mozilla
2Firefox
Ubuntu Linux
Nov 21, 2024
Feb 28, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pa...Show more
WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions. This vulnerability affects Firefox < 64.Show less
CVE-2018-18494
4Canonical
DebianMozilla+1 more
10Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+7 more
Nov 25, 2025
Feb 28, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin polic...Show more
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.Show less
CVE-2018-18493
4Canonical
DebianMozilla+1 more
10Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+7 more
Nov 25, 2025
Feb 28, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploit...Show more
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.Show less
CVE-2018-18492
4Canonical
DebianMozilla+1 more
10Debian Linux
Enterprise Linux DesktopEnterprise Linux Server+7 more
Nov 25, 2025
Feb 28, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability aff...Show more
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.Show less
CVE-2018-12407
2Canonical
Mozilla
2Firefox
Ubuntu Linux
Nov 21, 2024
Feb 28, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vu...Show more
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects Firefox < 64.Show less